T.E.N. Knowledge Base

ISE® Central 2016

The Total Economic Impact™ Of Globalscape Enhanced File Transfer  > Download Whitepaper
Globalscape commissioned Forrester Consulting to conduct a Total Economic ImpactTM (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Enhanced File Transfer (EFT). The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Enhanced File Transfer on their organizations, to leverage the managed secure file transfer solution to improve their ability to serve their customers, employees, and partners.



Welcome To The New Era Of Encryption  > Download Whitepaper
Talking about encryption is all the rage these days — from revelations about the National Security Agency’s (NSA’s) surveillance program to a new wave of movies and TV shows featuring hackers and cybercriminals. All of this attention means that it’s time to distinguish mythology from truth and value from risks in this critical discussion. In this report, we provide security and risk (S&R) pros with a discussion of the benefits, pros, and cons of encryption, the future direction of encryption technologies, and useful recommendations for firms embarking on more ubiquitous encryption.



9 REALITIES OF PORTABLE AND PERSISTENT DATA PROTECTION IN THE 21ST CENTURY  > Download Whitepaper
Over the past decade, major data breaches have made headlines, resulting in significant brand damage, costly fines, and exposed social security numbers (SSNs) as well as lost or stolen Personally Identifiable Information (PII) and intellectual property.

Sophisticated cyber criminals are pros at stealing data and lurk in enterprise networks for months, even years, until they are found, but at that point, much of the damage is already done. When these breaches are discovered, enterprises hire expensive forensics analysts and incident response teams to clean up the breach and return systems to normal. Additionally, for further peace of mind, they’ll continue adding more layered defenses and perimeter security technologies that promise to keep them secure. Unfortunately, as we’ve seen, these technologies will likely fail at some point and this vicious cycle will continue.



Distributed Data Protection Matters  > Download Whitepaper
Infographic - THE 3RD PLATFORM IS CHANGING BUSINESS



Automating the Top 20 CIS Critical Security Controls  > Download Whitepaper
It’s not easy being today’s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises has increased dramatically, while IT budgets have shrunk and skilled cyber security talent is virtually impossible to find. Thankfully the CIS Top 20 Critical Controls provides a pragmatic approach, offering prioritized guidance on the important steps for implementing basic cyber hygiene practices. With the CIS Top 20 Critical Security Controls, CISOs now have a blueprint for reducing risk and managing compliance. By automating each of these controls, CISOs enable their information security teams to do much more with less, essentially operationalizing good cyber hygiene.



Glenda Lopez

Glenda Lopez
Sr. Information Security Engineer
Aetna
Biography


Jeannette Rosario

Jeannette Rosario
Director, Global Security
Aetna
Biography

The Winning Combination of Assurance and Resiliency Consolidated Evidence Audit Locker (CEAL)  > Download Presentation
As Cybersecurity threat diversity evolves, adaptability and resiliency to demonstrate maturity in security controls are essential to enterprises. Organizations increasingly demand reliable security control assurance and resiliency, which drove Aetna to create the Consolidated Evidence Audit Locker. Aetna implemented a solution that correlates common regulatory requirements with security policies and artifacts demonstrating the highest level of resiliency in private enterprise. The program was able to reduce assessment time to less than a month by reusing over 50% of data collected during PCI assessment. Additionally productivity was improved by reusing over 50% of the PCI collected data for other assessments. Join the conversation to learn how the Aetna team was able to make significant returns on investment through proactive data collection resulting in the ability to identify potential threats, analyzing data results, and taking action on those results quickly thus building stronger cyber resiliency.


George Macrelli

George Macrelli
Sr. Director Security Assurance
HMS
Biography

Eyes on the Prize: Protecting the Organization Through Access Governance  > Download Presentation
As HMS continued to grow and expand, they were challenged with adding additional capacity to their existing electronic access control system. By implementing the Physical Access, Surveillance, and Access Governance Program the team has provided Business Office Asset protection by monitoring every door in every business office, and controlling that door centrally if needed. The project has saved between 10% and 20% in insurance costs alone. It has provided a quick response in the event that a business office is in jeopardy, and getting local authorities to the site with predefined information. Join our conversation to learn how HMS have been able to enable quicker communication with precise information to local office employees through improved technology, automation and governance of their business offices and the assets contained in those offices.


Marcia Peters

Marcia Peters
SVP, Information Security Governance, Risk, and Compliance
US Bank
Biography

Reducing Sensitive Information Risks Through Tokenization  > Download Presentation
Reducing the amount of sensitive payment card data in a finical institution’s internal environment is a priority from both a security standpoint and an IT cost containment perspective. With the billions of data records they’re entrusted to safeguard, US Bank’s security team is constantly looking at new security controls to add to our defensive arsenal. The goal of their Tokenization Project was to reduce the amount of sensitive cardholder data stored in U.S. Bank’s network, using tokenization technology that replaces the primary account number (PAN) with a surrogate value--the “token.” Join our conversation to learn how the U.S. Bank team were able to lock down a tremendous volume of formerly high-risk data records and remove such data from the PCI DSS scope, so it costs the bank less to secure.


Berry Holte Elliott

Betty Elliott
VP, CISO
MoneyGram
Biography

Businesses Without Borders: International Information Exchange in a Cloud-Based World  > Summary
Cloud computing has allowed numerous organizations to share and collaborate with their peers with greater speed and flexibility than ever before. However, there are a number security concerns in this new world of businesses without borders. Areas such as data security, privacy, access rights management, and international security rules and regulations all serve as major hurdles that organizations across all verticals have to tackle in their own way. Maintaining trust among cloud-based enterprises and their partners is essential, but what else is needed to continually ensure that a cloud-based, information-sharing structure can succeed while remaining secure? Join our conversation to discuss security’s role in the new global marketplace and share strategies for securing sensitive information in a cloud-based world.


Kevin Novak

Kevin Novak
Senior Vice President
Corporate Risk Management
CISO & IT Risk Officer
Northern Trust - Chicago
Biography

Protecting Data: Keeping the Keys to the Kingdom Out of the Hands of Hackers  > Summary
Breaches invariably involve data loss (for example: Anthem, JPMC, and Target), so finding the best practices to prevent them should be an essential part of your organization. Protection of data can be done at multiple network levels and can involve encryption, masking, or tokenization. The many options for data security offer a variety of security advantages, but they each have their own flaws to take into consideration. These include issues like malicious insiders abusing encryption keys, malware-based bypasses, and overall costs. Join our conversation to learn what kinds of secure data solutions are best for your business requirements; why and when to use each solution; and how you can combine solutions to minimize risk.


Scott Pettigrew

Scott Pettigrew
VP, Chief Security Officer
HMS
Irving, TX
ISE® Central Executive Award Finalist 2014
ISE® North America Executive Award Finalist 2014 - Health Care Category
ISE® Central People's Choice Award Winner 2015
ISE® Central Executive Award Winner Finalist 2015
ISE® Central Executive of the Year Award Winner 2016
ISE® Central People's Choice Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Health Care Category
ISE® North America Executive Award Finalist 2017 - Health Care Category

Biography

Help or Hindrance? Looking at the Benefits and Flaws of Encryption-Based Security  > Summary
Encryption and cryptography can be very powerful security tools when used correctly, but like all security measures, they’re not a panacea. Teams must determine the strength of encryption, who holds the keys, and at what level in their system they should implement encryption (storage, database, application level, etc). The many options for encryption offer a variety of security advantages, but they each have their own flaws to consider. Issues like malicious insiders abusing encryption keys, malware based bypasses, and overall encryption costs should all be taken into account. Join our conversation and learn what kinds of encryption and cryptography solutions are best for your organization, and how you can combine those solutions with other security procedures.


Shamoun Siddiqui

Shamoun Siddiqui
Chief Information Security Officer
Nationstar Mortgage

The war on APTs: Will We Ever Win?  > Summary
Advanced Persistent Threats continue to make news headlines on a regular basis. Most incidents end with massive costs, and have even crippled careers and organizations. As a result, an onslaught of new tools and methodologies solely designed to combat APTs have entered the market during the last few years. Yet these threats continue to loom as the most significant danger to security teams. An ISACA APT Awareness study conducted in August 2015 revealed that 93.6% of respondents consider APTs to be a “very serious threat” for their companies, and the T.E.N. and IDC Salary Survey Report indicated that 12% of security executives believed they could lose their jobs in the case of a significant data breach. The fear leaves many wondering: will we ever win? Join our conversation to share your most innovative best practices for combating APTs, and discuss with your peers the potential strategies for getting ahead in the ever-evolving threat landscape.